X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/37dfb97a93019ac86cce81f023cd8a33df69b2d8..75105663bb397a7f141a9a1af50062b47825324b:/scp.c

diff --git a/scp.c b/scp.c
index 7b5dbe2a..250e229a 100644
--- a/scp.c
+++ b/scp.c
@@ -57,6 +57,7 @@ static int targetshouldbedirectory = 0;
 static int statistics = 1;
 static int portnumber = 0;
 static int prev_stats_len = 0;
+static int scp_unsafe_mode = 0;
 static char *password = NULL;
 static int errs = 0;
 /* GUI Adaptation - Sept 2000 */
@@ -771,14 +772,13 @@ void scp_sftp_listdir(char *dirname)
     struct fxp_names *names;
     struct fxp_name *ournames;
     int nnames, namesize;
-    char *dir;
     int i;
 
     printf("Listing directory %s\n", dirname);
 
     dirh = fxp_opendir(dirname);
     if (dirh == NULL) {
-	printf("Unable to open %s: %s\n", dir, fxp_error());
+	printf("Unable to open %s: %s\n", dirname, fxp_error());
     } else {
 	nnames = namesize = 0;
 	ournames = NULL;
@@ -789,7 +789,7 @@ void scp_sftp_listdir(char *dirname)
 	    if (names == NULL) {
 		if (fxp_error_type() == SSH_FX_EOF)
 		    break;
-		printf("Reading directory %s: %s\n", dir, fxp_error());
+		printf("Reading directory %s: %s\n", dirname, fxp_error());
 		break;
 	    }
 	    if (names->nnames == 0) {
@@ -1089,6 +1089,14 @@ int scp_sink_setup(char *source, int preserve, int recursive)
 		 * slash.
 		 */
 		lastpart[-1] = '\0';
+	    } else if (!*dupsource) {
+		/*
+		 * The remains of dupsource are _empty_ - the whole
+		 * pathname was a wildcard. Hence we need to
+		 * replace it with ".".
+		 */
+		sfree(dupsource);
+		dupsource = dupstr(".");
 	    }
 
 	    /*
@@ -1680,9 +1688,7 @@ static void rsource(char *src)
 static void sink(char *targ, char *src)
 {
     char *destfname;
-    char ch;
     int targisdir = 0;
-    int settime;
     int exists;
     DWORD attr;
     HANDLE f;
@@ -1728,16 +1734,18 @@ static void sink(char *targ, char *src)
 	     * and the last component of that will fail to match
 	     * (the last component of) the name sent.
 	     * 
-	     * (Well, not always; if `src' is a wildcard, we do
+	     * Well, not always; if `src' is a wildcard, we do
 	     * expect to get back filenames that don't correspond
-	     * exactly to it. So we skip this check if `src'
-	     * contains a *, a ? or a []. This is non-ideal - we
-	     * would like to ensure that the returned filename
-	     * actually matches the wildcard pattern - but one of
-	     * SCP's protocol infelicities is that wildcard
-	     * matching is done at the server end _by the server's
-	     * rules_ and so in general this is infeasible. Live
-	     * with it, or upgrade to SFTP.)
+	     * exactly to it. Ideally in this case, we would like
+	     * to ensure that the returned filename actually
+	     * matches the wildcard pattern - but one of SCP's
+	     * protocol infelicities is that wildcard matching is
+	     * done at the server end _by the server's rules_ and
+	     * so in general this is infeasible. Hence, we only
+	     * accept filenames that don't correspond to `src' if
+	     * unsafe mode is enabled or we are using SFTP (which
+	     * resolves remote wildcards on the client side and can
+	     * be trusted).
 	     */
 	    char *striptarget, *stripsrc;
 
@@ -1759,10 +1767,16 @@ static void sink(char *targ, char *src)
 
 	    if (src) {
 		stripsrc = stripslashes(src, 1);
-		if (!stripsrc[strcspn(stripsrc, "*?[]")] &&
-		    strcmp(striptarget, stripsrc)) {
-		    tell_user(stderr, "warning: remote host attempted to"
-			      " write to a different filename: disallowing");
+		if (strcmp(striptarget, stripsrc) &&
+		    !using_sftp && !scp_unsafe_mode) {
+		    tell_user(stderr, "warning: remote host tried to write "
+			      "to a file called '%s'", striptarget);
+		    tell_user(stderr, "         when we requested a file "
+			      "called '%s'.", stripsrc);
+		    tell_user(stderr, "         If this is a wildcard, "
+			      "consider upgrading to SSH 2 or using");
+		    tell_user(stderr, "         the '-unsafe' option. Renaming"
+			      " of this file has been disallowed.");
 		    /* Override the name the server provided with our own. */
 		    striptarget = stripsrc;
 		}
@@ -1957,7 +1971,6 @@ static void toremote(int argc, char *argv[])
 	    continue;
 	}
 	do {
-	    char *last;
 	    char *filename;
 	    /*
 	     * Ensure that . and .. are never matched by wildcards,
@@ -2133,6 +2146,7 @@ static void usage(void)
     printf("  -v        show verbose messages\n");
     printf("  -P port   connect to specified port\n");
     printf("  -pw passw login with specified password\n");
+    printf("  -unsafe   allow server-side wildcards (DANGEROUS)\n");
 #if 0
     /*
      * -gui is an internal option, used by GUI front ends to get
@@ -2183,6 +2197,8 @@ int main(int argc, char *argv[])
 	    gui_mode = 1;
 	} else if (strcmp(argv[i], "-ls") == 0)
 	    list = 1;
+	else if (strcmp(argv[i], "-unsafe") == 0)
+	    scp_unsafe_mode = 1;
 	else if (strcmp(argv[i], "--") == 0) {
 	    i++;
 	    break;